Confidentiality and Data Protection
I am registered with the ICO (Information Commissioners Office). Under GDPR (General Data Protection Rules), which came into effect on 25th May 2018, I need to tell you what data I have collected or will collect from you. This notice outlines the information I keep, how and why I keep it and what I do with it. It also outlines your rights under GDPR.
What data do I keep and why do I need it?
Name and age
This is basic information to help me know about you. I will also need it if you ever ask me to write a report about you.
Address, email address and phone number
I use these as a way of contacting you regarding your sessions.
If I was worried that you were at risk, I might need to contact your doctor. I would tell you if I was going to do this unless it was impossible to do so.
I keep paper clinical notes of details from sessions that I decide are important for the best delivery of the psychotherapy process.
The lawful basis of my collecting and storing your personal data is under contract law and the GDPR. I am entitled to collect and store the information to be able to provide you with the service that we have contracted for.
Will I share your data and if I do who will I share it with and for what purpose?
It is very unlikely that I will share your data. I will not sell it on or use it for unethical reasons. I may have to share your data if my notes are subpoenaed by court. Also if you or any child you tell me about, is being harmed or is at risk of harm, I may have to pass this information on to the police, your GP or the emergency services. I would always seek your consent before sharing unless it was impossible to do so. I have appointed a clinical executor. In the event I can no longer work with you, they will have access to your contact details and will get in touch with you to advise you about the next steps. I also have a supervisor with whom I may discuss clinical features about you. I will only identify you by your first name.
You have the right to request to see any data I collect and store about you. You have the right to have amended anything that is misleading or incorrect. Under certain circumstances, you have the right to request I destroy any data I keep about you, unless there are compelling legal reasons why I need not comply with your request. I will respond to any such request within 14 days of the request.
How will I store your data?
Your personal details and my clinical notes are kept on paper in a locked filing cabinet. Emails are stored on a password protected lap top and are deleted as soon as they are no longer needed. Your mobile number and texts are kept in my business mobile phone which is password protected and are deleted when they are no longer required.
How long will I store your data for and how will I dispose of it?
I will keep your session notes and your name for 7 years after the end of therapy, which is the time frame my insurance policy requests I keep them for legal reasons. I will shred the privacy consent document and your registration/contract form with your personal information on it one month after our work finishes. I will delete your mobile phone number from my phone one month after our work finishes. All emails will be deleted as soon as they are no longer necessary and at least within one month of us finishing our work together.
Complaints about my handling of your personal data under GDPR
If you are not happy with the way I use your data you can complain to ICO at www.ico.org.uk or phone them on 0303 123 1113